Showing posts from March, 2014

Are Nation States Responsible for Evil Traffic Leaving Their Networks?

During recent talks to various audiences, I've mentioned discussions within the United Nations. One point from these discussions involved certain nation states agreeing to modes of behavior in cyber space. I found the document containing these recent statements: A/68/98, Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security  (pdf). This document is hosted within the United Nations Office for Disarmament Affairs , in the  developments in the field of information and telecommunications section. Fifteen countries were involved in producing this document: Argentina, Australia, Belarus, Canada, China, Egypt, Estonia, France, Germany, India, Indonesia, Japan, the Russian Federation, the United Kingdom of Great Britain and Northern Ireland and the United States of America. Within the section titled "Recommendations on norms, rules and principles of responsible behaviour by States," I found

Five Thoughts from VADM Rogers Testimony

I had a chance to read  Advance Questions for Vice Admiral Michael S. Rogers, USN (pdf) this weekend. I wanted to share five thoughts based on excerpts from the VADM Rogers' answers to written questions posed by the Senate Armed Services Committee. 1. The Committee asked: Can deterrence be an effective strategy in the absence of reliable attribution? VADM Rogers responded: Yes, I believe there can be effective levels of deterrence despite the challenges of attribution. Attribution has improved, but is still not timely in many circumstances... Cyber presence, being forward deployed in cyberspace , and garnering the indications and warnings of our most likely adversaries can help (as we do with our forces dedicated to Defend the Nation). (emphasis added) I wonder if "cyber presence" and "being forward deployed in cyberspace" means having access to adversary systems? There's little doubt as to the source of an attack if you are resident on the sy

Bejtlich Teaching at Black Hat USA 2014

I'm pleased to announce that I will be teaching one class at  Black Hat USA 2014   2-3 and 4-5 August 2014 in Las Vegas, Nevada. The class is  Network Security Monitoring 101 . I've taught this class in Las Vegas in July 2013 and Seattle in December 2013. I posted  Feedback from Network Security Monitoring 101 Classes  last year as a sample of the student commentary I received. This class is the perfect jumpstart for anyone who wants to begin a network security monitoring program at their organization. You may enter with no NSM knowledge, but when you leave you'll be able to understand, deploy, and use NSM to detect and respond to intruders, using open source software and repurposed hardware. The first discounted registration deadline is 11:59 pm EDT June 2nd. The second discounted registration deadline (more expensive than the first but cheaper than later) ends 11:59 pm EDT July 26th. You can  register here . Please note: I have no plans  to teach this class